reverseproxy: get dates

Girish Ramakrishnan
2023-02-01 11:05:50 +01:00
parent 690df0e5c4
commit eddfd20f24


@@ -64,19 +64,23 @@ function nginxLocation(s) {
return `~ ^(?!(${re.slice(1)}))`; // negative regex assertion - https://stackoverflow.com/questions/16302897/nginx-location-not-equal-to-regex
}
function getExpiryDateSync(cert) {
function getCertificateDatesSync(cert) {
assert.strictEqual(typeof cert, 'string');
const result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-enddate', '-noout' ], { input: cert });
if (!result) return null; // some error
const result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-startdate', '-enddate', '-noout' ], { input: cert, encoding: 'utf8' });
if (!result) return { startDate: null, endDate: null } ; // some error
const notAfter = result.stdout.toString('utf8').trim().split('=')[1];
const lines = result.stdout.trim().split('\n');
const notBefore = lines[1].split('=')[0];
const notBeforeDate = new Date(notBefore);
const notAfter = lines[1].split('=')[1];
const notAfterDate = new Date(notAfter);
const daysLeft = (notAfterDate - new Date())/(24 * 60 * 60 * 1000);
debug(`expiryDate: notAfter=${notAfter} daysLeft=${daysLeft}`);
debug(`expiryDate: notBefore=${notBefore} notAfter=${notAfter} daysLeft=${daysLeft}`);
return notAfterDate;
return { startDate: notBeforeDate, endDate: notAfterDate };
}
async function isOcspEnabled(certFilePath) {
@@ -252,8 +256,8 @@ function getAcmeCertificateNameSync(fqdn, domainObject) {
function needsRenewalSync(cert) {
assert.strictEqual(typeof cert, 'string');
const notAfter = getExpiryDateSync(cert);
const isExpiring = (notAfter - new Date()) <= (30 * 24 * 60 * 60 * 1000); // expiring in a month
const { endDate } = getCertificateDatesSync(cert);
const isExpiring = (endDate - new Date()) <= (30 * 24 * 60 * 60 * 1000); // expiring in a month
debug(`needsRenewal: ${isExpiring}`);
return isExpiring;
}
@@ -584,10 +588,10 @@ async function cleanupCerts(locations, auditSource, progressCallback) {
if (certNamesInUse.has(certName)) continue;
const cert = await blobs.getString(certId);
const notAfter = getExpiryDateSync(cert);
if (!notAfter) continue; // some error
const { endDate } = getCertificateDatesSync(cert);
if (!endDate) continue; // some error
if (now - notAfter >= (60 * 60 * 24 * 30 * 6 * 1000)) { // expired 6 months ago and not in use
if (now - endDate >= (60 * 60 * 24 * 30 * 6 * 1000)) { // expired 6 months ago and not in use
progressCallback({ message: `deleting certs of ${certName}` });
// it is safe to delete the certs of stopped apps because their nginx configs are removed
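Review bot: In the first hunk, getCertificateDatesSync reads the start date with `lines[1].split('=')[0]`, which takes the key of the second output line instead of the value of the first, so `new Date(notBefore)` is an Invalid Date and `startDate` never holds the certificate's real notBefore; it should be `const notBefore = lines[0].split('=')[1];`. The parsing also assumes openssl always prints two lines. If it prints nothing for a malformed certificate (an inference, since the `safe` wrapper's failure behaviour is not visible here), `lines[1]` is undefined and `.split` throws instead of returning the `{ startDate: null, endDate: null }` fallback; a guard such as `if (result.status !== 0 || lines.length < 2) return { startDate: null, endDate: null };` before the parsing would cover that. An unparsable date string yields an Invalid Date, which is truthy, so the `if (!endDate) continue;` check in cleanupCerts does not catch it; checking `Number.isNaN(notAfterDate.getTime())` and returning null for that field would make the callers' null checks meaningful.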